A Chrome Extension
Everyone can agree that cookie consent banners are frustrating. It might be one of the few unifying factors on the internet today. Even though it’s a couple clicks, the couple clicks are a pain, and the couple clicks can happen on many sites each day.
There are browser extensions out there that will auto-accept cookies like I don’t care about cookies and it’s open source fork I still don’t care about cookies. You can even chain this extension with another that will auto-clean up your cookies. This is an adequate solution and ascribes to unix philosophy.
Additionally, there are extensions like uBlock Origin with additional filters to help ignore these annoying pop ups. Or Privacy Badger to block cookie trackers. Although there is space to provide an extension that just auto-rejects non essential cookies.
That’s what led to the “Reject Cookies” chrome extension. It will first attempt to reject the cookies on the page. If that is unsuccessful, it will then attempt to close the cookie pop up or banner. To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must
Receive users’ consent before you use any cookies except strictly necessary cookies.
So the omission of an acceptance should be on par with an explicit rejection. If you’re interested in how it works the code is open source and on github, but let’s step through it at a high level.
How it’s implemented
Vibe coding is the answer. I leveraged Cursor and let it auto-select the model. This combination while extremely useful, did not serve me as well as recent past experience. On the project setup front, I had not previously written a Chrome extension. Having the Cursor agent set up the boilerplate was convenient. Although, it requested too liberal of permissions in the permissions to start and wouldn’t go and update them as the design of the app changed
21 Comments
mrweasel
Consent-O-Matic can easily be configured to reject cookies.
I suppose that technically you could also just remove the pop-ups, that means that you never agreed to anything and the site have no permission to place cookies on your computer.
bberenberg
The common one I use in the space is https://consentomatic.au.dk/ but good on you for making an alternative. More options is great.
elashri
> So the omission of an acceptance should be on par with an explicit rejection
I know that is says "should" but how common that practice is followed by the websites? And in that case, wouldn't blocking the entire popups like ublock origin does becomes better option than installing a new plugin?
rizs12
Can you release it for firefox too please?
coldpie
uBlock Origin already has this. Enable the "Cookie notices" and "Annoyances" filters in uBlock Origin's settings.
Bonus pro-tip: Firefox for Android supports uBlock Origin, which means you can get rid of these godawful banners on mobile, too. Only iOS users are stuck having to put up with them.
rkagerer
How it’s implemented:
Vibe coding is the answer
Sorry, you want me to give browser privileges to code written by AI?
leoxiong
I never understood why the HTTP Do Not Track header wasn’t used to signal cookie preferences. It seemed like the perfect solution.
INTPenis
I want a Firefox extension that will auto-accept all cookies.
Because I already use Cookie Auto-Delete and I'm just sick of the question popping up. Stop nagging and give me all the cookies so I can delete them 5s after I close your tab.
cj
I noticed you deleted the privacy policy in Github, and link to this one instead https://privacy.reject-cookies.bymitch.com/
The one you link to doesn't really make sense:
> Data is collected on specific sites that the product is not working on. This data is sent explicitly by users and when it is collected we do not collect any information that could be tied to a specific user. Only the name of the site is collected and any additional information you include in the text of the report.
The original one that was deleted from the Github repo [0] is much simpler and to the point.
[0] https://github.com/mitch292/reject-cookies/commit/18a87b2bee…
m00dy
A rule based approach alone is insufficient and lacks maturity. The solution must be capable of understanding the context of a given webpage and taking actions based on that understanding.
HypnoticOcelot
What's the difference between this and "I still don't care about cookies"[0]?
[0] https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies
shav123
nice how do you know where to reject is that a closed list?
pete1302
In todays world, having a performant and robust (that can support extension) browser on widely used Platforms (Ios, Android) seems like a dream. Is it too much too ask for?
mcoliver
Love the idea. I wish chrome extensions had a more granular permissions structure and/or reminders/security checkups on installed extensions and their permissions.
As it is the content scripts manifest permission for https://*/* for content.js is always so jarring to see. For those that don’t know this allows the extension to run that script on every site you visit after clicking accept ONCE when you install the extension. That means it can see financial info, health info, legal info, your diary, etc…
Now this makes sense from a usability perspective (I never have to see a cookie banner ever again!), but the author could change content.js at any time and the extension would continue to run without prompting the user.
This is not an attack on you Mitch! It sure looks like you’re trying to provide value in this world rather than take it. Rather it’s an attack on Google’s extension security model I’m really shocked google has not taken a more careful and nuanced stance to protecting users from a security standpoint.
I write this as a fellow chrome extensions dev. I wish I had better more granular permissions structures to protect my users and give them more information about what I am requesting and why along with regular reminders so they can make informed decisions about what they want to share.
p_ing
Consent-O-Matic is an extension that works fairly well and is cross browser.
https://github.com/cavi-au/Consent-O-Matic
nashashmi
What works on iOS mobile? That’s the ultimate limitation on customization.
tenthirtyam
Have you seen consent-o-matic?
https://github.com/cavi-au/Consent-O-Matic
https://addons.mozilla.org/en-GB/firefox/addon/consent-o-mat…
jlpom
Are you aware of https://addons.mozilla.org/fr/firefox/addon/consent-o-matic/?
skeeter2020
Cookie banners are a bad/wrong solution to the underlying problem, but it's the dark patterns within that really piss me off. I shouldn't have to invest deep cognitive attention to "only accept mandatory" but if you're not careful many dialogs will trick you into clicking accept all after you go to the trouble to untoggle all the optional shit. The answer is to use isolation containers, aggressively reset them and not to worry about any of this.
shwouchk
I don’t get it. All browsers have a “do not track” toggle implemented.
And still, we get consent banners. Wasn’t I clear when i said don’t track?
darajava
Brave does this by default and it works flawlessly apart from on fairly obscure websites (a lot of obscure websites don't have cookie notices anyway).
I don't know why more people don't use Brave – you can turn all the annoying crypto/ad stuff off and it never bothers you about it again.